Create Job Alert
Apply now »

SAP Security & Authorisation consultant

Building a sustainable tomorrow

What if your next step led further than you thought?
With a reputation built over 150 years, BAM has the depth, scale and momentum to offer you more than a next step. We offer you a path. One that can take you across sectors, into leadership, or even around the world. We invest in development because we want our people to stay and grow. Wherever you want to go, we’ll help you get there.

BAM UK & Ireland are seeking a SAP Security & Authorisation consultant to join us on a 12 month FTC

Making Possible

Strategy & Design
Establish a Fiori authorisation model including spaces/pages, catalogs, groups (if used), and launchpad roles
Define SoD control framework and mitigation strategy; embed with Access Control
Align security with identity lifecycle (joiner/mover/leaver), role provisioning, and access request workflows.
Build & Integration
Build and maintain PFCG roles for GUI and Fiori, including authorization field values, org-level derivations, start authorizations, and menu/content design
Secure Fiori Launchpad content (UI5 apps, OData services, catalogs/tiles/target mappings).
Testing & Cutover
Create and execute security test plans (unit, functional integration, UAT, negative testing, penetrations of roles)
Run authorisation trace & troubleshooting (e.g., STAUTHTRACE, ST01, SU53, SUIM) and fix defects
Prepare cutover access plans (temporary elevated roles, firefighter strategy, emergency access) and hyper care support.
Compliance & Operations
Ensure compliance with audit requirements (SOX/ITGC/etc.), produce evidence packs, and support auditor walkthroughs.
Document standard operating procedures, role build standards, naming conventions, and governance

Deliverables (Scope & Artifacts)
•    Security Strategy & Target Role Concept (incl. Fiori model)
•    Design Documents: Role build standard, naming convention, SU24 governance
•    Role Catalog: single/composite roles, deviation matrix (company code/plant/SOrg, etc.)
•    Test Assets: test scripts, trace logs, defect backlog, closure evidence
•    Cutover Plan: temporary access, firefighter coverage, rollback protocols
•    Operations Pack: SOPs, runbooks, control matrices, audit evidence, training materials

Your team

This position will be located in the UK. Travel to BAM’s offices and sites is required at least 3 days per week.

What’s in it for you?

In addition to an attractive salary we offer a significant benefits package, contributory pension, BUPA, life assurance, 26 days holiday (plus bank holidays), gym subsidy, BAM social club membership and many more exciting benefits. 

What do you bring to the role?

8+ years SAP Security & Authorisations experience, including at least one end-to-end S/4HANA transition (brownfield/greenfield or Central Finance).
Hands-on with: PFCG, SU24/SU25, SU53/SUIM, STAUTHTRACE/ST01, SEGW, SICF, /UI2/, /IWFND/, /IWBEP/*, SPRO security settings.
Strong Fiori knowledge: catalogs, spaces/pages, tiles, target mappings, OData/IWSG, content lifecycle, FLP content manager.
Good understanding of SAP business processes (FI, MM, SD, HR, etc)
Proven SoD methodology and ruleset tuning
Deep knowledge of authorization objects for key S/4HANA areas (FI/CO, MM, SD, CPM/PS).
Excellent documentation, stakeholder engagement, and ability to challenge and defend a security design diplomatically.

Must-have: S/4HANA Fiori security, SU24/SU25, PFCG role design, SoD & GRC AC, STAUCTRACE/SU53/SUIM expertise.

About BAM

Building a sustainable tomorrow. That’s our mission and our promise at BAM. It’s how we engineer vital infrastructure and construct high-quality buildings as one of the largest construction companies in Europe.

We strive to create an environment where everybody feels welcome and valued. We’re on an exciting journey to employ the best talent to join us regardless of social background, race, colour, religion, national or ethnic origin, sexual orientation, gender identity or expression, age, disability or other characteristics.

The application process

​​​

BAM is committed to ensuring a fully inclusive recruitment and onboarding process, so if at any time you feel you may need any reasonable adjustments, do not hesitate to speak with one of our team, and we will do our best to support you. "Join us in Making Possible"

For more information or an informal conversation about this opportunity, please contact Paul Howes, Recruitment Manager: paul.howes@bam.com IND1

Closing date 24th March 2026

 

 

Apply now »